
Designs, Codes and Cryptography, Volume 77, Issue 2–3, pp 611–631

Open problems in hash function security

  • Elena Andreeva
  • Bart Mennink
  • Bart Preneel

Abstract

A cryptographic hash function compresses arbitrarily long messages to digests of a short, fixed length. Most existing hash functions are designed to evaluate a compression function with a finite domain in a mode of operation, and the compression function itself is often designed from block ciphers or permutations. This modular design approach allows for a rigorous security analysis by means of both cryptanalysis and provable security. We present a survey on the state of the art in hash function security and modular design analysis. We focus on existing security models and definitions, as well as on the security aspects of designing secure compression functions (indirectly) from either block ciphers or permutations. In all of these directions, we identify open problems that, once solved, would allow for increased confidence in the use of cryptographic hash functions.
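The modular construction the abstract describes, as an added illustration rather than code from the paper: a block cipher built from a public permutation (single-key Even-Mansour), a compression function built from that cipher (Davies-Meyer), a mode of operation (Merkle-Damgård with length strengthening) that iterates it, and the classic provable-security step in constructive form, turning any collision of the iterated hash into a collision of the compression function. Every primitive is a constructed, unvetted toy with a 32-bit state so that a birthday collision is found in about a second; names such as `hash_md` and `compression_collision` are this example's own.

```python
from typing import List, Tuple

WORD = 4                 # state and block size in bytes: 32 bits, toy-sized on purpose
MASK = 0xFFFFFFFF
IV = 0x6A09E667          # constructed fixed initial chaining value


def permutation(x: int) -> int:
    """Constructed toy public permutation on 32-bit words (not vetted).

    Each step (xorshift, odd multiply, constant add) is a bijection on
    Z/2^32, so their composition is a permutation, as Even-Mansour requires."""
    for i in range(4):
        x ^= (x << 13) & MASK
        x ^= x >> 17
        x ^= (x << 5) & MASK
        x = (x * 0x9E3779B1 + i) & MASK
    return x


def block_cipher(key: int, x: int) -> int:
    """Single-key Even-Mansour: a block cipher built from a public permutation."""
    return permutation(x ^ key) ^ key


def compress(chain: int, block: int) -> int:
    """Davies-Meyer compression function: f(h, m) = E_m(h) XOR h."""
    return block_cipher(block, chain) ^ chain


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zeros, then the message bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded)) % WORD)
    return padded + ((8 * len(msg)) & MASK).to_bytes(WORD, "big")


def trace(msg: bytes) -> List[Tuple[int, int, int]]:
    """Run the mode of operation, recording every (h_prev, block, h_next) step."""
    data, h, steps = pad(msg), IV, []
    for i in range(0, len(data), WORD):
        block = int.from_bytes(data[i:i + WORD], "big")
        nxt = compress(h, block)
        steps.append((h, block, nxt))
        h = nxt
    return steps


def hash_md(msg: bytes) -> bytes:
    """The full hash: the compression function iterated over the padded message."""
    return trace(msg)[-1][2].to_bytes(WORD, "big")


def compression_collision(m1: bytes, m2: bytes):
    """Constructive Merkle-Damgard theorem: a colliding message pair yields a
    colliding input pair for compress().

    Walking both chains backwards from the shared digest, the first step whose
    inputs differ has equal outputs. Because the last block encodes the length,
    messages of different lengths already differ there, so a step is always found."""
    if m1 == m2 or hash_md(m1) != hash_md(m2):
        raise ValueError("need two distinct messages with equal digests")
    for (h1, b1, _), (h2, b2, _) in zip(reversed(trace(m1)), reversed(trace(m2))):
        if (h1, b1) != (h2, b2):
            return (h1, b1), (h2, b2)
    raise AssertionError("unreachable: distinct messages cannot share a full trace")


def birthday_collision(limit: int = 1 << 19) -> Tuple[bytes, bytes]:
    """Find two distinct 3-byte messages with equal 32-bit digests by the
    birthday paradox: deterministic counter inputs, roughly 2^16 trials expected."""
    seen = {}
    for i in range(limit):
        m = i.to_bytes(3, "big")
        d = hash_md(m)
        if d in seen:
            return seen[d], m
        seen[d] = m
    raise RuntimeError("no collision within the trial limit")


if __name__ == "__main__":
    m1, m2 = birthday_collision()
    (h1, b1), (h2, b2) = compression_collision(m1, m2)
    print(f"hash collision {m1.hex()} / {m2.hex()} -> digest {hash_md(m1).hex()}")
    print(f"compress({h1:#010x}, {b1:#010x}) == compress({h2:#010x}, {b2:#010x})")
```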

Keywords

Hash functions; Compression functions; Reductions; Permutation based; Block cipher based; Open problems

Mathematics Subject Classification

94A60 

Notes

Acknowledgments

This work was supported in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007). Elena Andreeva and Bart Mennink are Postdoctoral Fellows of the Research Foundation—Flanders (FWO).


Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. Department of Electrical Engineering, ESAT/COSIC, KU Leuven, Leuven, Belgium
  2. iMinds, Ghent, Belgium
